
techUK response to the Home Office Ransomware Consultation

techUK has submitted its response to the Home Office consultation, which looked at proposed measures to reduce the impact of ransomware attacks on our Critical National Infrastructure and Public Sector.

techUK welcomes and shares the government's ambition to ensure the UK is better protected against ransomware and recognises the serious threat it poses to organisations and the wider economy. The cyber threat landscape, and particularly the ransomware ecosystem, is evolving to become increasingly complex and professionalised, and it targets all parts of the UK and global economies.

However, techUK and its members expressed concern that any guidance or framework would need to be carefully designed to avoid further burdening victims of ransomware attacks and prevent any unintended consequences.

In our response, we outlined how a full implementation of the proposals could have the following impact on the sector:

  • Potential duplication of efforts and compliance if these proposals are not aligned to the Cyber Resilience and Security Bill, among other government strategies.
  • Placing an undue burden on the victim of an attack. Members feel strongly that victims need support, not punishment.
  • Banning payments could inadvertently push ransomware transactions underground, reduce visibility into cyber criminal activity, and/or shift attacks to other sectors outside UK CNI and Public Sector, such as Manufacturing, which contributes significantly to the UK economy, or further down the supply chain.
  • A blanket approach could create disproportionate challenges for particular groups that may lack the resources or expertise to comply.

Some high-level points and recommendations include:

  • techUK and members disagreed that the government should implement a targeted ban on ransomware payments for CNI and the public sector, highlighting the points above as key challenges to its implementation.
  • Non-compliance with a ban could lead to criminalising a victim of a crime. techUK and members find any such initiative, which fails to address the root cause, counterproductive to the government's own resilience agenda.
  • The current voluntary ransomware incident reporting regime should continue to be used with a more structured approach which ensures organisations see the value in reporting, rather than perceiving it as an additional regulatory burden.
  • The government should create a 'one stop shop' for reporting of an incident and outline the clear next steps a business should take if they are the victim of an attack. This would help to incentivise incident reporting. 
  • The government should share anonymised threat intelligence, drawn from data gathered through incident reporting, with organisations to support their understanding of the threat landscape and further incentivise compliance with reporting regimes.

Read our full response here.

Channel website: http://www.techuk.org/

Original article link: https://www.techuk.org/resource/techuk-respond-to-the-home-office-ransomware-consultation.html
